cburn32
asked on
How to configure a switchport on a Cisco 2800
I have a Cisco 2800 with a add-in 4 port switch card. I would like to configure one of the interfaces as another Ethernet port. Unfortunaley, I have to use a VLAN setup. A sample VLAN configuration would be greatly appreciated!
Thanks
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It depends on what you are want traffic you are wanting to block.
If you want to block traffic within a VLAN (never leaves a VLAN) then you will need to create a VLAN ACL.
If you want to block traffic between VLANs then you will need to create a SVI (layer 3 interface )for each VLAN and then apply the ACL to the SVI just as you would any other interface.
ex:
int vlan 100 <---creates the SVI
ip address x.x.x.x x.x.x.x <---assignes ip to VLAN and allows routing between this vlan and others
access-group 101 in <--- applies acl to vlan 100
If you want to block traffic within a VLAN (never leaves a VLAN) then you will need to create a VLAN ACL.
If you want to block traffic between VLANs then you will need to create a SVI (layer 3 interface )for each VLAN and then apply the ACL to the SVI just as you would any other interface.
ex:
int vlan 100 <---creates the SVI
ip address x.x.x.x x.x.x.x <---assignes ip to VLAN and allows routing between this vlan and others
access-group 101 in <--- applies acl to vlan 100
ASKER
Ok I will try applying the ACL to the interface the VLan is assigned too. It seems my Vlan is not setup correctly though. Here my config for the VLan:
interface FastEthernet0/0/0
description Stutz Link
switchport access vlan 2
interface Vlan2
ip address 206.246.130.17 255.255.255.252
I cannot even ping the FE 0/0/0 interface. I am obviously missing something. Thanks again for any input!
interface FastEthernet0/0/0
description Stutz Link
switchport access vlan 2
interface Vlan2
ip address 206.246.130.17 255.255.255.252
I cannot even ping the FE 0/0/0 interface. I am obviously missing something. Thanks again for any input!
Right. you are unable to ping f0/0/0 becuase it is a switchport (layer 2).
you should be able to ping your vlan interface though.
remimber the SVI (interface vlan2) and the f0/0/0 (vlan2 member port) are complety different ports.
Also your acl can only be applied to the VLAN2 interface not the f0/0/0 interface
you should be able to ping your vlan interface though.
remimber the SVI (interface vlan2) and the f0/0/0 (vlan2 member port) are complety different ports.
Also your acl can only be applied to the VLAN2 interface not the f0/0/0 interface
ASKER
I should be able to ping the IP address I assigned to the Vlan, right? Would I be able to use the Vlan address as a routable gateway?
Yes you should be able to ping the address assigned to the vlan interface. this interface is a fully functional layer three routable interface once an ip address is assigned to it.
ASKER
Thanks